1.Ensure proper security controls are enforced across the different systems based on the identified systems’ criticality.

2.Review and recommend updates to the bank’s IT & Cyber security policy, relevant processes, procedures and guidelines.

3.Participate in the security gap and threat assessments post globally/locally identified security incidents/threats and ensure the effective implementation of action plans with the relevant stakeholders.

4.Support the implementation of the key strategic business initiatives and projects through following the secure software acquisition life cycle including specifying the confidentiality, integrity, and availability requirements, addressing security requirements throughout the acquisition of new systems and performing proper risk assessment prior to releasing new systems to production.

5.Review new technologies and changes to existing technologies for vendor acquired solutions to ensure proper information security requirements/controls and compliance with relevant security policies and compliance mandates.

6.Validate the security requirements to ensure the proper management of test data on development and test environments according to the set test data management strategy and in alignment with the developed security policies.

7.Develop and maintain threat modelling strategy and procedures for the purpose of optimizing the infrastructure and network security through identifying clear objectives and developing countermeasures to prevent or mitigate the impacts of cybersecurity attacks/threats on the environment.

8.Provide updates on the different Security KRIs, RAIs and RCSA and develop an action plan to mitigate those risks to be reported to the Security & Technology Risk Management Team for tracking.

9.Conduct the different security assessments for vendors and third Parties providing critical services and engagements that involve access to or sharing of CIB’s information, as per the respective policies and guidelines.

10.Responsible for initial security risk assessment for any identified security risks across the organization and liaise with the security & technology risk management for final risk rating and reporting.

11.Conduct the annual review and update of the area’s processes, procedures and recommend updates to relevant policies with the adherence to the developed SLAs.

Qualifications & Experience

Bachelor’s degree of Engineering, Computer Science, Information Security or equivalent.

 3-5 (5-8 for the senior) years of work experience in Information Security, IT Security Analysis or Risk Analysis

Excellent Knowledge of ISO 27001, PCI standards, NIST frameworks, OWASP and SWIFT CSP

Excellent knowledge about ISMS implementation

Risk Management & Security Risk assessments.

Must have technical background in areas like software development, security architecture, security platforms and IT tools/platforms commonly used in a modern software architecture, administration and management along with risk background

Recommended Certifications:

oISO 27001:2013 Implementer/Lead Implementer

oCISSP

oCRISC

oCISM

oGIAC Certifications

oCEH

oSecurity+

Skills

Time Management Skills, Analytical skills, and Strong presentation skills

Teamwork Spirit

Strong Communication skills